Article Content

When tokens are imported into Authentication Manager, they are set to Disabled by default and are enabled automatically when assigned or edited. However, when users request them through the Self-Service Console with automatic approval (0 steps), the email to the end user requires the user to enable/activate the token.This can be confusing to end users and can generate Help Desk calls, especially since the steps to Activate the token are listed first in the email but will not work until token is first set to Enabled. This How To article provides a work-around this situation.

Tasks

To work around this issue, an Authentication Manager administrator will need to:

Either enable unassigned tokens in bulk through the Security Console; or

Enable all disabled tokens through a SQL update command in the PostgreSQL database.

Resolution

Enable unassigned tokens in bulk through the Security ConsoleA simple work-around would be enable the tokens in bulk in the Security Console?. Note that a maximum of 500 unassigned tokens can be selected at a time.

In the Search Criteria options, define the Security Domain and search for All Unassigned Tokens.

When the results come back, place a check next to the tokens you wish to enable.

As in the screen shot below, change the Action box to Enable.

Click Go.

After clicking Go, the green check is removed from the Disabled column, indicating the token is now enabled for use. Now the user can successfully request token through Self Service Console.Enable all disabled tokens through a SQL UPDATE command in thePostgreSQLdatabaseLogin to the Authentication Manager primary server via SSH, vSphere or a direct connection as rsaadmin.Navigate to /opt/rsa/am/utils.Obtain the database password with the command ./rsautil manage-secrets -a get com.rsa.db.dba.password.

The list of token serial numbers displayed here should match the tokens shown as Disabled in the Security Console GUI.Next, update these tokens to be Enabled by setting the IS_ENABLED value from false to true.